Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,009 advisories

Loading
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading... High Unreviewed
CVE-2019-7300 was published May 13, 2022
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in... Critical Unreviewed
CVE-2019-6609 was published May 13, 2022
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password... High Unreviewed
CVE-2019-6242 was published May 13, 2022
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database... Critical Unreviewed
CVE-2019-4059 was published May 13, 2022
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated... High Unreviewed
CVE-2019-10630 was published May 13, 2022
TeamPass Storing Passwords in a Recoverable Format vulnerability Critical
CVE-2019-1000001 was published for nilsteampassnet/teampass (Composer) May 13, 2022
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials,... Critical Unreviewed
CVE-2018-19466 was published May 13, 2022
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE... Critical Unreviewed
CVE-2018-18698 was published May 13, 2022
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in... High Unreviewed
CVE-2018-18656 was published May 13, 2022
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain... High Unreviewed
CVE-2018-17500 was published May 13, 2022
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to... Moderate Unreviewed
CVE-2018-12038 was published May 13, 2022
Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in... Critical Unreviewed
CVE-2018-1000851 was published May 13, 2022
Jenkins SonarQube Scanner Plugin stored server authentication token in plain text High
CVE-2018-1000425 was published for org.jenkins-ci.plugins:sonar (Maven) May 13, 2022
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk High
CVE-2018-1000424 was published for org.jenkins-ci.plugins:artifactory (Maven) May 13, 2022
Jenkins Crowd 2 Integration Plugin stored credentials in plain text High
CVE-2018-1000423 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 13, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager... High Unreviewed
CVE-2018-0474 was published May 13, 2022
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect... Moderate Unreviewed
CVE-2018-17871 was published May 13, 2022
Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials Moderate
CVE-2019-1003039 was published for org.jenkins-ci.plugins:appdynamics-dashboard (Maven) May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text Moderate
CVE-2019-1003045 was published for de.eacg:ecs-publisher (Maven) May 13, 2022
Jenkins Repository Connector Plugin has insufficiently protected credentials Low
CVE-2019-1003038 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 13, 2022
Jenkins youtrack-plugin Plugin stored credentials in plain text Low
CVE-2019-10287 was published for org.jenkins-ci.plugins:youtrack-plugin (Maven) May 13, 2022
Jenkins Jabber Server Plugin stores credentials in plain text Low
CVE-2019-10288 was published for de.e-nexus:jabber-server-plugin (Maven) May 13, 2022
Jenkins Diawi Upload Plugin stores credentials in plain text Moderate
CVE-2019-10284 was published for org.jenkins-ci.plugins:diawi-upload (Maven) May 13, 2022
Jenkins mabl Plugin stores credentials in plain text Moderate
CVE-2019-10283 was published for com.mabl.integration.jenkins:mabl-integration (Maven) May 13, 2022
Jenkins DeployHub Plugin stores credentials in plain text Moderate
CVE-2019-10286 was published for com.openmake:deployhub (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API